donawalt
Mentor
Jul 08, 2023
Solved

Any need to beef up my security for this?

Hi all, I noticed in my router log this week for the first time, "Remote login failure". I only had about 5 of them for the week. Here is a sample, the IP addresses are all different countries - Macedonia, Netherlands, Russia....maybe the IP addresses are spoofed too? I don't know. Example:

 

[Remote login failure] from source 185.83.254.56, Wednesday, Jul 05,2023 18:04:58

 

So my question is this - what are the best practices to ensure I am protected from these? I have a very secure long obscure password for admin access to the router and separately for the WiFi password (which I don't think this is). Guest network is not enabled.  I have no port forwarding or triggering, no DDNS, VPN, static routes, or VLAN/Bridge. 

 

Anything else I should check or set up? Thanks! 

30 Replies

  • I have one piece of security advice.  DO NOT allow router admin page access from the WAN side.  In other words, only allow logins from a device that is already associated with your LAN.  If you allow outside access, the router is going to get hammered 24/7/365.  If you are seeing login failures that you can't explain from within your network, it's already too late 🙂

     

    That example IP you pasted has been very very busy, port scans, all sorts of random connection attempts going back months.

    • Thanks F_V for the tip. Question for you though, how do I prevent router admin page access from the WAN side? Since the router admin page has an internal IP address, don't I have to explicitly map that through? Or does this mean turn off Anywhere Access in the Orbi app?

       

      Thanks!

      • FURRYe38
        Guru

        FYI, NG removed WAN side support for access to the RBRs web page about two years ago. 

    • FarmerBob1
      Luminary

      I tend to get a lot of DDoS Inquiries and other nefarious listings in the logs. AND since my Hopper3s are contacting Russia, Belarus and other Soviet Bloc countries. So extraneous access for me is not a priority.

      • FURRYe38
        Guru

        Can you check and see if your 8 series sees same thing too?


        FarmerBob1 wrote:

        I tend to get a lot of DDoS Inquiries and other nefarious listings in the logs. AND since my Hopper3s are contacting Russia, Belarus and other Soviet Bloc countries. So extraneous access for me is not a priority.


         

  • I checked my MK system and it's not reproducing. However my 960 is. Oy vay. 🙄
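
A small triage script for the log entries discussed in this thread, added here as an example and not posted by any participant: it parses the entry format quoted in the original post and separates login failures coming from internet addresses from failures originating inside the LAN. The sample lines after the first, the function names and the use of the RFC 1918 ranges as "LAN" are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# RFC 1918 ranges: a source inside these is on the LAN side of the router.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Entry format as quoted in the original post.
LINE_RE = re.compile(r"^\[(?P<event>[^\]]+)\] from source (?P<ip>[0-9.]+), "
                     r"(?P<when>\w+, \w{3} \d{2},\d{4} \d{2}:\d{2}:\d{2})$")

def parse_line(line):
    """Return (event, ip, datetime), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
        when = datetime.strptime(m["when"], "%A, %b %d,%Y %H:%M:%S")
    except ValueError:
        return None
    return m["event"], ip, when

def summarize(lines):
    """Count remote login failures per source, split into WAN and LAN."""
    report = {"wan": Counter(), "lan": Counter(), "skipped": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            report["skipped"] += 1
            continue
        event, ip, _ = rec
        if event == "Remote login failure":
            side = "lan" if any(ip in net for net in LAN_NETS) else "wan"
            report[side][str(ip)] += 1
    return report

# First line is from the post; the others are constructed for this example.
SAMPLE = [
    "[Remote login failure] from source 185.83.254.56, Wednesday, Jul 05,2023 18:04:58",
    "[Remote login failure] from source 203.0.113.7, Thursday, Jul 06,2023 02:11:40",
    "[Remote login failure] from source 203.0.113.7, Thursday, Jul 06,2023 02:11:43",
    "[Remote login failure] from source 192.168.1.50, Friday, Jul 07,2023 09:30:12",
    "constructed line in some other format",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Entries in the `lan` bucket are the ones worth chasing down first, since they point at a device already inside the network.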